netfilter: nf_tables: use rcu chain hook list iterator from netlink d…

…ump path Lockless iteration over hook list is possible from netlink dump path, use rcu variant to iterate over the hook list as is done with flowtable hooks. Fixes: b9703ed ("netfilter: nf_tables: support for adding new devices to an existing netdev chain") Reported-by: Phil Sutter <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
masami256 · Sep 26, 2024 · 4ffcf5c · 4ffcf5c
1 parent e1f1ee0
commit 4ffcf5c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
@@ -1849,7 +1849,7 @@ static int nft_dump_basechain_hook(struct sk_buff *skb, int family,
 		if (!hook_list)
 			hook_list = &basechain->hook_list;
 
-		list_for_each_entry(hook, hook_list, list) {
+		list_for_each_entry_rcu(hook, hook_list, list) {
 			if (!first)
 				first = hook;